CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-3864 – webkitgtk: Non-unique security origin for DOM object contexts
https://notcve.org/view.php?id=CVE-2020-3864
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. Se abordó un problema lógico con una comprobación mejorada. Este problema se corrigió en iCloud para Windows versión 7.17, iTunes versión 12.10.4 para Windows, iCloud para Windows versión 10.9.2, tvOS versión 13.3.1, Safari versión 13.0.5, iOS versión 13.3.1 y iPadOS versión 13.3.1. • https://support.apple.com/en-us/HT210918 https://support.apple.com/en-us/HT210920 https://support.apple.com/en-us/HT210922 https://support.apple.com/en-us/HT210923 https://support.apple.com/en-us/HT210947 https://support.apple.com/en-us/HT210948 https://access.redhat.com/security/cve/CVE-2020-3864 https://bugzilla.redhat.com/show_bug.cgi?id=1876518 • CWE-346: Origin Validation Error •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2020-3757 – flash-plugin: Arbitrary Code Execution vulnerability (APSB20-06)
https://notcve.org/view.php?id=CVE-2020-3757
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versiones 32.0.0.321 y anteriores, 32.0.0.314 y anteriores, 32.0.0.321 y anteriores, y 32.0.0.255 y anteriores, presenta una vulnerabilidad de confusión de tipos. Una explotación con éxito podría conllevar a una ejecución de código arbitrario. • https://access.redhat.com/errata/RHSA-2020:0513 https://helpx.adobe.com/security/products/flash-player/apsb20-06.html https://security.gentoo.org/glsa/202003-61 https://access.redhat.com/security/cve/CVE-2020-3757 https://bugzilla.redhat.com/show_bug.cgi?id=1801792 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2020-6415 – chromium-browser: Inappropriate implementation in JavaScript
https://notcve.org/view.php?id=CVE-2020-6415
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en JavaScript en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1029576 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1CVE-2020-6416 – chromium-browser: Insufficient data validation in streams
https://notcve.org/view.php?id=CVE-2020-6416
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación de datos insuficiente en streams en Google Chrome versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1031895 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 1CVE-2020-6381 – chromium-browser: Integer overflow in JavaScript
https://notcve.org/view.php?id=CVE-2020-6381
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en JavaScript en Google Chrome sobre ChromeOS y Android versiones anteriores a 80.0.3987.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html https://crbug.com/1034394 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-190: Integer Overflow or Wraparound •